Transparent path junction concepts
For standard WebSEAL junctions, links to resources on a back-end junctioned application server can only succeed if the URL in the request received by WebSEAL contains the identity of the junction. Standard junctions use filtering to force URLs found in HTML response pages to appear correct when viewed as a part of WebSEAL's single host document space.
The transparent path junction option (-x) eliminates the need to filter the path portion of a URL. For this option to work, the junction name must match the name of a subdirectory under the root of the back-end server document space, and all resources accessed through this junction must be located under that subdirectory. The transparent path junction name represents the name of the actual subdirectory on the back-end server.
There are three parts of a URL that must be considered in a filtering solution:
- protocol
- host name:port
- path
Transparent path junctions are the same as standard junctions, except that the junction name is based on a path already present on the back-end application instead of being an addition to the URL path. Transparent path junctions allow WebSEAL to route requests to a junction based on the URL path of the back-end server resources rather than on a junction name added to the path.
For example, if the configured junction name is /docs, all resources controlled by this junction must be located on the back-end server under a subdirectory called /docs. The transparent path junction mechanism prevents WebSEAL from filtering the path portion of links to the resources protected by this junction. The junction name is now part of the actual path expression describing the location of a resource and no longer requires filtering. The junction name is not added to or removed from the path portion of URLs, as it is in junctions created without the transparent path option.
WebSEAL does support nested paths. For example, the following three junctions are all valid and can be made on the same WebSEAL system:
/financing/tools
/financing/tools/gars
/financing/tools/gars/custom
The pattern-matching within WebSEAL is sensitive enough to map to the most "specific" junction first, /financing/tools/gars/custom in this example.
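The routing behaviour described above, modelled in Python as an added example (it is not IBM's code and not WebSEAL's implementation). It assumes junction names match on whole path segments; the back-end host names and the standard junction /app are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Junction(NamedTuple):
    name: str          # junction point, e.g. "/docs"
    backend: str       # constructed back-end host name
    transparent: bool  # True models a junction created with -x

# Constructed sample table: the three nested junctions from the text,
# the /docs example, and one standard junction for contrast.
JUNCTIONS = [
    Junction("/financing/tools", "fin-a.example.internal", True),
    Junction("/financing/tools/gars", "fin-b.example.internal", True),
    Junction("/financing/tools/gars/custom", "fin-c.example.internal", True),
    Junction("/docs", "docs.example.internal", True),
    Junction("/app", "app.example.internal", False),
]

def _segments(path: str) -> list:
    return [s for s in path.split("/") if s]

def select_junction(junctions, request_path: str) -> Optional[Junction]:
    """Pick the most specific junction: the longest whole-segment prefix.

    Assumption of this model: matching is per path segment, so
    /financing/toolsets is not covered by /financing/tools.
    Returns None when no modelled junction matches.
    """
    req = _segments(request_path)
    matches = [j for j in junctions
               if req[:len(_segments(j.name))] == _segments(j.name)]
    return max(matches, key=lambda j: len(_segments(j.name)), default=None)

def backend_path(junction: Junction, request_path: str) -> str:
    """Path the back-end server sees for a request routed to `junction`."""
    if junction.transparent:
        # The junction name is a real back-end subdirectory: path unchanged.
        return request_path
    # Standard junction: the junction name is not part of the back-end path.
    return request_path[len(junction.name):] or "/"

if __name__ == "__main__":
    for p in ["/financing/tools/gars/custom/report.html",
              "/financing/tools/gars/index.html",
              "/financing/toolsets/x", "/docs/guide/intro.html",
              "/app/index.html"]:
        j = select_junction(JUNCTIONS, p)
        print(p, "->", (j.backend, backend_path(j, p)) if j else None)
```

Because the selected junction decides which back-end and which policy handle a request, checking a planned junction table this way shows which nested junction actually receives a given path before it is deployed.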